Embedded World 2016

We’re the experts to help make your company and your code better. At Embedded World 2016 we'll be showing attendees why we’re the experts in embedded security and open source software (OSS) technical support.

We're here to help the embedded industry come out from behind the curtain and fully embrace the use of OSS. When done correctly, using OSS in your code is something to be boastful about – the industry should no longer shy away.

We can help you make a plan to embrace impacts on embedded development today, and help defend against hundreds — if not thousands — of security vulnerabilities including buffer overflows, uninitialized data, use of dangling pointers, injection flaws, and use of insecure APIs and libraries.

We'll educate you on how you can prevent cybersecurity vulnerabilities with a mitigation plan. We’ve already examined the top 10 automotive cybersecurity vulnerabilities and know how attendees can stay ahead of these – and other – vulnerabilities.

In-booth activities:

Live demonstrations:

Klocwork, static code analysis

OpenLogic, open source support and auditing

Find the bug: see if you can find the bug with your eyes, and with our static code analysis tool, Klocwork

Speaking sessions:

Presenter: Rod Cope, CTO

When: Tuesday, February 23 at 9:30 AM (Central European Time)

Title: Untangled: A Plan to Embrace the Three Biggest Impacts on Embedded Development Today

Session 10: Management Focus I: Agile Methods

Abstract: We're all experts at what we know and we all desire to continually evolve, maximizing our impact on the people, projects, and products we care about. The embedded space is no different: it started well before we arrived and will continue to struggle, adapt, and evolve. The link between our desires and our products is simple, yet we struggle to bring them together, especially when the landscape changes. With the growing adoption of open source, the need for better code security, and the shift towards Agile development, how do we embrace our new landscape most effectively?

Starting with the people, implementing with the processes, and concluding with the tools, this paper summarizes the current state of change within the embedded industry and discusses how to shift a development team towards less risk in open source, code security, and Agile - arguably the biggest sources of confusion today. Using proven examples from other industries and three processes to understand the challenges, competencies, and changes necessary for success, these shifts will elevate your expertise to bring your embedded development on track for the future.

Abstract: As embedded systems evolve and become increasingly interconnected, the risk to the security and functionality of these systems increases. Building connected automotive software that's both reliable and secure is a big task; knowing where to focus time and energy can be half the challenge. Millions of lines of software code are driving the latest innovations in today's vehicles. As the code lines increase in vehicles, however, so do the opportunities for security vulnerabilities. Our research shows that nearly 90% of all detected security holes can be traced back to just ten types of vulnerabilities.

In this paper we will review our research on the top ten automotive cybersecurity vulnerabilities of 2015, from numeric errors to improper access control to memory buffer problems. Understanding the vulnerabilities that are directly affecting the automotive industry is only a part of the battle. Developing in-vehicle embedded applications is a safety, security, and quality challenge. Having a detailed mitigation plan will help prevent issues like breaches, downtimes, and product recalls later on in the life of the vehicle. We'll provide four best practices for developing a plan that shifts the discovery of vulnerabilities left.

From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these best practices shift attack mitigation efforts to simplify fixes and enable more cost-effective solutions earlier in the software development life cycle.

Abstract: Companies that create smartphones, military systems, aerospace technology, medical devices, and communications software and equipment are all looking at source code analysis (SCA) as a way to reduce their costs while creating more secure and reliable code. Naturally, people want to know what payoff to expect from deploying SCA and how they can show ROI within their organization. This session will show you how to build a business case for source code analysis and demonstrate a few different ways to calculate ROI for this technology.

We'll present a live demonstration of how our SCA tool, Klocwork, works to scan, locate, and resolve bugs in real code.